@aws-cdk/integ-runner (>=2.142.0-alpha.0 <=2.148.0-alpha.0), @jill64/sveltekit-adapter-aws (>=1.9.3 <=1.9.45) +3 more potentially affected by CVE-2024-45037 via aws-cdk (>=2.142.0 <=2.148.0)

aws-cdk NPM version =2.142.0, =2.142.0-alpha.0, =1.9.3, =3.1.6, =2.142.0, =2.148.0 Source cves: CVE-2024-45037 Source advisory: OSV:GHSA-QJ85-69XF-2VXQ...

GHSA-QJ85-69XF-2VXQ AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

Summary The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built component...

CVE-2024-45037

The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

CVE-2024-45037 AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

CVE-2024-45037

The CVE affects the AWS CDK RestApi with CognitoUserPoolAuthorizer. Under certain conditions, authenticated Cognito users may gain access beyond what is intended to protected API resources/methods, though API availability is not affected. Affected CDK versions are &gt;=2.142.0 and =2.148.1; upgra...

CVE-2024-45037 AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

CVE-2024-45037 AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

AWS Cloud Development Kit 安全漏洞

AWS Cloud Development Kit is an open source software development framework open sourced by Amazon Web Services for defining cloud infrastructure in code and configuring it via AWS CloudFormation. A security vulnerability exists in AWS Cloud Development Kit that stems from the possibility that an...

CVE-2024-43911

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, linkdata/linkconf are dynamically allocated. They don't point to vif-bssconf. So, there will be no chanreq assigned to vif-bssconf an...

wildfly-security-manager: security manager authorization bypass

A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks...

CVE-2024-43911 wifi: mac80211: fix NULL dereference at band check in starting tx ba session

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, linkdata/linkconf are dynamically allocated. They don't point to vif-bssconf. So, there will be no chanreq assigned to vif-bssconf an...

CVE-2024-43911 wifi: mac80211: fix NULL dereference at band check in starting tx ba session

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, linkdata/linkconf are dynamically allocated. They don't point to vif-bssconf. So, there will be no chanreq assigned to vif-bssconf an...

CVE-2024-43911

CVE-2024-43911—Linux kernel wifi/mac80211 NULL pointer dereference fix . The vulnerability occurs in the MLD path during band/tx BA session initialization where link_data/link_conf may not point to vif-&gt;bss_conf, risking a NULL chan and a kernel crash. The fix adds explicit checks on ht_suppor...

The vulnerability of the software development package Azure IoT SDK for C lies in its memory management after memory is released. This allows a malicious actor to execute arbitrary code.

The vulnerability of the Azure IoT SDK for C development software package lies in the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

SUSE: Security Advisory (SUSE-SU-2024:2999-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2024:2993-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

File Upload Vulnerability in MSG5200-2GEC-4E-X4 and MSG2100E-UPON-4V at Risecomm Technology Development Co.

Ltd. is an industry-leading provider of optical networking products and system solutions. A file upload vulnerability exists in the MSG5200-2GEC-4E-X4 and MSG2100E-UPON-4V of Risecomm Technology Development Corporation, which can be exploited by an attacker to gain server privileges...

SUSE: Security Advisory (SUSE-SU-2024:2978-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

edk2: Temporary DoS vulnerability

A divide-by-zero vulnerability was found in edk2. A successful exploit of this vulnerability may lead to a loss of availability...

Microsoft Security Update Validation Report August 2024

Microsoft’s August 2024 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...